I think that most Embperl issues are really just Perl issues. I think
one can avoid most problems by making sure that the user input is
checked for double/single quotes, and backticks. Also I think it is good
if you don't interpolate any user data, by putting the input in double
quotes, or some other Perl interpolation/execution method.
I've been a member of an internal web-site at my college that allowed
backticks to go out, and I was allowed to make any shell command as user
www. That should be one of the first things to make sure the user can't do.
-Akshay
Jack Cushman wrote:
>
> Hi--
>
> I have been doing final security checks before bringing a website live --
> making sure that users can't manually enter post data to see things they
> shouldn't. My employer is naturally curious about any security issues that
> tend to afflict embperl/mod_perl/cgi. While we have followed common sense
> procedures as far as trusting user data, it would be nice if there was an
> article that discussed security holes so we could make sure we haven't
> missed anything. Are there any resources that you have found particularly
> helpful?
>
> Thanks,
> Jack Cushman
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
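
The reply's advice about not interpolating user data into an executed string, shown as an added Perl example that is not part of the original thread: the backtick form beside a version that allowlists the value and runs the program without a shell. `/bin/echo` stands in for the real external program, and the names `lookup_unsafe` and `lookup_safe`, the host-name allowlist and the sample inputs are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Stand-in for whatever external program the page would run (assumption).
my @CMD = ('/bin/echo', 'looking up');

# BEFORE: user input is interpolated into a backtick command line, so the
# shell interprets any quotes, backticks, ';' or '|' it contains.
sub lookup_unsafe {
    my ($name) = @_;
    return `@CMD $name`;    # shown for contrast only; never called below
}

# AFTER: allowlist the value, then run the program without a shell.
sub lookup_safe {
    my ($name) = @_;

    # Accept only host-name characters; a leading '-' is refused so the
    # value cannot be read as a command-line option.
    return
        unless defined $name
        && length($name) <= 253
        && $name =~ /\A[A-Za-z0-9][A-Za-z0-9.-]*\z/;

    # List-form pipe open hands each argument straight to exec():
    # nothing in $name is ever parsed by /bin/sh.
    open(my $fh, '-|', @CMD, $name) or die "cannot run $CMD[0]: $!";
    my $out = do { local $/; <$fh> };    # slurp all output
    close($fh) or warn "$CMD[0] exited with status $?";
    $out = '' unless defined $out;
    chomp $out;
    return $out;
}

# Constructed sample inputs: one valid name and three carrying shell syntax.
for my $input ('www.example.org', 'a.example; id', '`id`', q{x' "y}) {
    my $out = lookup_safe($input);
    printf "%-20s %s\n", "[$input]", defined $out ? "ran: $out" : "rejected";
}
```

Only the first input reaches the external program; the other three are refused by the allowlist before anything is executed.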